Chinese hackers are now after LoopPay

Photo courtesy: NY Times
From the last few months, LoopPay has become apple of Chinese
hackers’ eye. This is because the software company based in United Stated
became the centerpiece of Samsung’s new mobile payment system.
Recent news reports have confirmed that LoopPay became a
victim of a sophisticated attack by a group of government-affiliated Chinese
hackers.
Anyways, the hack has confirmed that the hackers who broke into LoopPay actually wanted to get into the technology that drives Samsung Pay.
According to the security researcher, who discovered the
hack, the hackers group is known as Codoso or Sunshock.
The hack was happened in March however, it was only
discovered in August when it came across LoopPay’s data while tracking the
Codoso Group in a separate investigation by those security experts who have
been tracking the Codoso hackers.
However, both LoopPay and Samsung executives confirmed that they
had removed infected machines, and that customer payment information and
personal devices were not affected.
“Samsung Pay was not impacted and at no point was any
personal payment information at risk,” Darlene Cedres, Samsung’s chief privacy
officer, said in a statement. “This was an isolated incident that targeted the
LoopPay corporate network, which is a physically separate network. The LoopPay
corporate network issue was resolved immediately and had nothing to do with
Samsung Pay.”
LoopPay executives said the hackers appeared to have been
after the company’s technology, known as magnetic secure transmission, or MST,
which is a key part of the Samsung Pay mobile payment wallet that made its
public debut in the United States last week.
Samsung bought LoopPay in February, in an attempt to offer
its own alternative to Apple Pay.
Investigators reckon hackers from the so-called Codoso Group
were after information to do with the magnetic secure transmission (MST)
developed by LoopPay that forms a key part of the Samsung Pay mobile payment
service.

According to a news report published in NewYork Times, LoopPay
hired two private forensics teams to investigate the breach on Aug. 21, just a
month before it was set to bring Samsung Pay to the United States, according to
Mr. Graylin. Both are still working in the case.

Leave a Reply